Multi-security-CPU system

ABSTRACT

A computing system includes a first security central processing unit (SCPU) of a system-on-a-chip (SOC), the first SCPU configured to execute functions of a first security level. The computing system also includes a second SCPU of the SOC coupled with the first SCPU and coupled with a host processor, the second SCPU configured to execute functions of a second security level less secure than the first security level, and the second SCPU executing functions not executed by the first SCPU.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No. 13/705,991 filed on Dec. 5, 2012, which claims the benefit of priority to U.S. Provisional Application No. 61/684,479, filed Aug. 17, 2012, and U.S. Provisional Application No. 61/729,002, filed Nov. 21, 2012, all of which are incorporated herein by reference.

TECHNICAL FIELD

This disclosure relates to system security performed by a security central processing unit (SCPU), and more particularly, to security functions performed in a system by multiple SCPUs operating at different security levels.

BACKGROUND

Rapid advances in electronics and communications technologies, driven by consumer demand, have resulted in the widespread adoption of data-driven devices, including those for handling and converting third-party media content. Third-party customers or clients want their content handled with security such that the content is not copied or used outside of certain permission levels. Systems that stream content digitally for multiple media providers to consumers seek to include higher levels of security so that competitor providers cannot access each other's secrets. In a large system on a chip (SOC), a single security central processing unit (SCPU) may perform security functions.

BRIEF DESCRIPTION OF THE DRAWINGS

The systems and methods may be better understood with reference to the following drawings and description. In the figures, like reference numerals designate corresponding parts throughout the different views.

FIG. 1 is a block diagram of an exemplary multi-security central processing unit (CPU) system on a chip in an operating environment.

FIG. 2 is a more-detailed block diagram of the exemplary multi-security central processing unit (CPU) system on the chip as disclosed in FIG. 1.

FIG. 3 is a flow chart of an exemplary method for implementing the multi-security CPU system on a chip of FIG. 1.

FIG. 4 is a flow chart of an exemplary method for implementing intrusion detection within the multi-security CPU system on a chip of FIG. 1.

DETAILED DESCRIPTION

The discussion below makes reference to system security performed by a security central processing unit (SCPU), and more particularly, to security functions performed in a system by multiple SCPUs operating at different security levels. For purposes of explanation, two SCPUs are described, but more SCPUs may be implemented. The SCPUs may be instantiated on a system on a chip (SOC) such as may be used in a set top box (STB) for streaming media to consumers. Such media may include audio or audio/video content viewable by consumers on media devices.

In a large system on a chip (SOC) with a single security central processing unit (SCPU) that performs security functions, the system trust level may be binary: either the operation is highly secure, or it is completely untrusted. For operations that require an intermediate level of security, there exist two choices: (1) perform these operations in the SCPU; or (2) perform them in the host.

The first option may not be ideal because the SCPU may be responsible for highly sensitive tasks, like managing one time password (OTP) authentication, routing customer secrets, and the like. Mixing these highly sensitive tasks with lower security functions may create risk and detract from the main mission of the SCPU. The second option may not be ideal because performing intermediate security tasks in the host may leave the SOC unsecured, as the host CPU may not be trusted.

Executing security functions by a host on the chip may open up security too wide to provide sufficient security to chip operation. And, mixing highly secure and less secure functions as executed by a single SCPU may open system security up to some level of risk and detract from the main mission of a SCPU to secure the most sensitive functions of chip operation.

Furthermore, because the SCPU manages proprietary information to the SOC vendor, allowing the SCPU to be programmed by an end user customer may be problematic. Yet some of the intermediate level security tasks are better performed by end user code, and thus the SOC vendor may want to allow the customer to program aspects of SCPU functionality. To allow the user to program functions by the only SCPU on the chip may open up the security operation of the chip to additional risk and attack.

In an SOC, having a single SCPU may no longer be sufficient. Using a multi-security CPU approach, such as with a first SCPU dedicated for highly secure functions and a second SCPU used for lower security tasks, like digital rights management (DRM), managing transcoding, watermarking, etc. For purposes of explanation, the first SCPU is labeled security CPU-A herein, and the second security level SCPU is labeled security CPU-B.

FIG. 1 is an example diagram of a multi-security central processing unit (SCPU) system on a chip (SOC) 100 in an operating environment. The SOC 100 may be integrated within or coupled with a media device 10 when deployed into operation. FIG. 2 is a more-detailed block diagram of the exemplary multi-security central processing unit (CPU) system on the chip as disclosed in FIG. 1.

With reference to FIGS. 1 and 2, the system 100 may include first SCPU 102 also referred to as security CPU-A, second SCPU 104 also referred to as CPU-B, and a host processor 110, the general-purpose processor that runs the majority of the chip operation. The security CPU-A may be smaller than the security CPU-B and be configured to operate at a first security level higher than a second security level at which security CPU-B operates. The security CPU-B may be provided a higher trust level than the host processor 110 and the host processor may be denied execution of the second security level functions. The host processor 110 may also, at least in part, be located outside of the SOC 100.

Functions of security CPU-A at the first security level may include, for example, managing root keys, performing an initial secure boot, and routing secrets of a third-party content provider. Functions of security CPU-B at the second security level include, for example, digital rights management, license management, transcoder management, watermarking, and manipulation of data in secure memory. The security CPU-A may be configured with software code that treats commands from the security CPU-B as privileged, and that generates multiple unique commands for execution by the security CPU-B that are not executable by the host processor 110.

As configured to perform the majority of the processor-intensive security functions, the security CPU-B may be nearly as powerful as the host processor 110 in some implementations, and may, for instance, at the time of filing, perform up to 1,000 or 1,500 or more Dhrystone million instructions per second (DMIPS). As such, the security CPU-B maybe focused on lower security functions. Security CPU-A may need a fraction of the power and operate at less than 1,000 DMIPS.

The system 100 may further include on-chip sensors 113, memory such as dynamic random access memory (DRAM) 115, a local checker 118 coupled with the security CPU-A and multiple peripherals 120 of the security CPU-B. “Coupled with” herein may mean to be directly connected to a component or indirectly connected through one or more components. The DRAM 115 may include a portion of which is protected code 116 stored in secure memory 117. The secure memory 117 may be partitioned into specific or identified regions of the DRAM.

The security CPU-A may include a host interface 122 to communicate with the host processor 110 and an SCPU-B interface 124 with which to communicate with the security CPU-B. The security CPU-B may include a CPU-B 130, a local static random access memory (SRAM) 132, an instruction cache (i-cache) 134, a data cache (d-cache) 136, an instruction checker 138 and an interrupt controller 140. The local SRAM 132 may be private local memory for access by the security CPU-B in which instructions may be saved and data temporarily stored that is not accessible to the host processor 110 or to other on-chip entities or clients.

The security CPU-B and the security CPU-A may be coupled together with a dedicated, secure communications bus 142 that operates as a private channel between the CPU-B 130 and the security CPU-A. The secure communications bus 142 may be inaccessible by the host processor and inaccessible by third-party clients that exist on the SOC 100. The secure communications bus 142 may be configured with a combination of hardware and firmware and perform a master slave relationship in which, in some operations, the security CPU-A is either the master of or slave to the security CPU-B. For instance, the security CPU-A may be the master of booting CPU-B securely in memory. But, the security CPU-A may also receive commands from security CPU-B or the local checker 118, for instance.

A third party that exists on the SOC 100 may have its own CPU, its own block of logic, or exist on the chip as a combination of hardware and software having access to capabilities of the SOC 100. The third party CPU may include a secure interface managed by the CPU-A.

The system 100 may further include a common register bus 144 to which third-party clients that exist on the SOC 100 have access. The common register bus 144 may be used to write into registers of the memory 115. The security CPU-A may be configured to prevent certain on-chip clients from stopping security CPU-B from operating as intended, as disclosed herein.

The local checker 118, which may be coupled with the security CPU-A and security CPU-B, may be a piece of hardware configured to prevent some clients or hardware existing on the SOC 100 from accessing certain regions of the DRAM. Likewise, the local checker 118 may prevent blocking access by the security CPU-B to the common register bus 144 and/or to reading from and writing to the DRAM of the SOC 100.

The security CPU-A may also program the local checker 118 to ensure internal peripherals 120 of the security CPU-B are inaccessible by third-party entities having access to the host processor 110. The peripherals may include, but not be limited to, a Universal Asynchronous Receiver/Transmitter (UART), a timer, an interrupt, memory, data storage, a media device, or a combination thereof.

The instructions checker 138 may monitor instructions to be executed out of the DRAM and determine whether instructions called for execution from the secure memory by a component are cleared for execution by that component. To clear instructions for execution, the instruction checker 138 may ensure that the security CPU-B does not operate outside of a region of the secure memory 117 that has been authenticated for secure operation or conditional access by the host processor 110. For example, the instruction checker may monitor reads and writes to the DRAM 115 and compare the DRAM addresses of those memory accesses with an address range set up by the security CPU-A as a pre-authenticated region for execution of the instructions. If the security CPU-B attempts to execute instructions outside of the region of memory, the security CPU-B maybe rebooted or the entire SOC be reset.

In one example, the content saved to the secure memory 117 may include media content that a client does not want distributed in an unauthorized manner. The security CPU-B may decrypt the content for viewing on a consumer device, but not allow other peripherals to access or distribute the content outside of the system 100. The security CPU-B may ensure a consumer can view the content but not be directly accessed by the host. The security CPU-A and CPU-B may set up hardware that limits certain chip components in their access to the secure memory 117. For example, the security CPU-A and security CPU-B may make a region of memory off limits to the host processor. Furthermore, the security CPU-B may perform watermarking or manipulate time stamps with regards to content that a consumer may view.

More particularly, the secure memory 117 may be accessible exclusively to the security CPU-A and CPU-B and to local decompression and rendering engines. Thus, the security CPU-B may decrypt content into this memory region and then local display processes may read the decrypted content for local rendering. None of these steps requires the host processor 110 to have access to the secure memory. The security CPU-B may ensure a secure data flow by decrypting the content into this restricted region, out of reach of the host processor.

The interrupt controller 140 may be coupled with the security CPU-A and be configured to monitor the on-chip conditions from data generated by the sensors 113. The on-chip sensors 113 may generate data related to attributes of the chip such as, for example, temperature, voltage levels at specific points on the chip, clock speed and the like. If one of these attributes varies too much or in the wrong way, it may be indicative of a potential intrusion or hacker trying to disrupt normal operation of the SOC that would allow access to secure data and/or secure operation. The interrupt controller 140 may aggregate and mask interrupts from other functional blocks of the SOC 100 that may include interrogation of the sensors to detect predetermined threshold values of those sensors for use in determining whether or not the interrupt controller 140 masks an interrupt.

Furthermore, the interrupt controller 140 may generate an interrupt or a hookup in response to detecting conditions indicative of an intrusion. The interrupt or hookup may adjust operation of the host processor 110 or the security CPU-B in real time to ensure secure system operation. The host processor may also have a separate memory buffer than the memory buffer the security CPU-B uses, where the memory buffer for the security CPU-B may be configured as not accessible by the host processor 110 and configured to provide control logic to the second security CPU-B.

With further reference to FIG. 1, the system 100 may communicate over a network 15 such as the Internet or any wide or local area network to communicate with a Web server 20 and media clients 30. The clients 30 may be the customers that procure the SOC 100 for use by consumers to stream media content to consumer media devices 10. The security CPU-B may obtain the time and day over the Internet from the Web server 20 using a secure protocol. The time and day may then be considered secure time and be stored by the security CPU-B in either the local SRAM 132 or the secure memory 117 in DRAM 115. So stored, the security CPU-B may prevent access by the host processor or other on-chip programmed components to the secure time, which may be used by digital rights management and other forms of lower level security functions during execution of the secure functions.

FIG. 3 is an example flow chart of a method for implementing the multi-security CPU system of FIG. 1. A system on a chip (SOC) may include a first security central processing unit (SCPU) and a second SCPU (202, 210). The SOC may operate the first SCPU at a first security level (206). The SOC may operate the second SCPU at a second security level less secure than the first security level, but higher than a level at which a host processor operates (214). The first SCPU may create commands only executable by the second SCPU (218).

The second SCPU may determine whether an instruction called for execution from secure memory is cleared for execution by a component of the SOC calling the instruction (222). If the component is not cleared to execute the instruction, neither the first nor the second SCPU are permitted to execute the instruction (226). If the component is cleared to execute the instruction, the second SCPU may determine whether the instruction executes a first or the second security level function (230). If the component requests to execute a first security function, the first SCPU executes the instruction (234). If the component requests to execute a second security function, the second SCPU executes the instruction (238). The first SCPU may also be the requestor component of either the first or second security functions and the second SCPU may be the requestor component of either first or second security functions, depending on the function.

FIG. 4 is a flow chart of an exemplary method for implementing intrusion detection within the multi-security CPU system on a chip of FIG. 1. A system on a chip (SOC) may operate a first security central processing unit (SCPU) and a second SCPU (302). The second SCPU may operate an interrupt controller (306). The interrupt controller may monitor on-chip conditions of the SOC by monitoring data received from on-chip sensors (310). The on-chip conditions may include, for example, temperature, voltage levels at specific points on the chip, clock speed and the like. The second SCPU may generate an interrupt or hookup in response to detecting conditions indicative of an intrusion (314). The second SCPU may adjust operation of a host processor or the second SCPU as a result of the interrupt or the hookup to ensure secure system operation (318).

The methods, devices, and logic described above may be implemented in many different ways in many different combinations of hardware, software or both hardware and software. For example, all or parts of the system may include circuitry in a controller, a microprocessor, or an application specific integrated circuit (ASIC), or may be implemented with discrete logic or components, or a combination of other types of analog or digital circuitry, combined on a single integrated circuit or distributed among multiple integrated circuits.

While various embodiments of the invention have been described, it will be apparent to those of ordinary skill in the art that many more embodiments and implementations are possible within the scope of the invention. Accordingly, the invention is not to be restricted except in light of the attached claims and their equivalents. 

What is claimed is:
 1. An apparatus, comprising: a memory; a host processor configured to receive a request, by a device, to access data stored in the memory; a first security processor configured to perform an initial secure boot to set up an address range of the memory as a pre-authenticated region for execution of instructions, the first security processor configured to execute highly secure functions; a second security processor in secure communication with the first security processor and configured to execute lower security functions, the second security processor configured to determine authorization of the device to access the requested data based on digital rights management information associated with the requested data, after the request is authenticated according to instructions executed by the second security processor in accordance with the request being in the pre-authenticated region; and the host processor configured to respond to the requested access after the authorization of the device by the second security processor.
 2. The apparatus of claim 1, wherein the authenticity of the request is determined based on an identity associated with the device.
 3. The apparatus of claim 2, wherein the identity is determined based on a root key associated with the device.
 4. The apparatus of claim 2, wherein the identity is determined based on login information associated with the request.
 5. The apparatus of claim 4, wherein the authorization of the device to access the requested data is further determined based on the login information associated with the request.
 6. The apparatus of claim 1, wherein the requested data is a media file stored in a first portion of the memory which is inaccessible by the host processor, and wherein, the second security processor is further configured to render the media file and store the rendered media file to a second portion of the memory that is accessible by the host processor.
 7. A method comprising: receiving, by a system, a request sent by a device, to access data; performing, by a first security processor of the system, a higher level security function of an initial secure boot to set up an address range of the memory as a pre-authenticated region for execution of instructions not accessible to a host processor included in the system; communicating, the address range of the memory to a second security processor performing a lower level security function; determining, by the second security processor of the system, authorization of the device to access the requested data in response to the request being authentic according to instructions executed by the second security processor in accordance with the request being in the pre-authenticated region, wherein the requested data is associated with a digital rights management (DRM) protection; and the second security processor providing, access by the device to the requested data in response to the device being authorized according to the second security processor; the host processor configured to respond to the requested access after the authorization of the device by the second security processor.
 8. The method of claim 7, wherein authenticating the request by the first security processor comprises: verifying an identity of the device.
 9. The method of claim 8, wherein determining authorization of the device to access the requested data comprises: determining, by the second security processor, that the device is authorized to access at least some of the DRM protected data.
 10. The method of claim 9, wherein the requested data is stored in encrypted form as encrypted data.
 11. The method of claim 10, further comprising: decrypting the encrypted data, by the second security processor, in response to the device being authorized according to the second security processor.
 12. The method of claim 11, further comprising: storing the decrypted data, by the second security processor, in a secure portion of memory, wherein the decrypted data is accessible only via the first and second security processors.
 13. The method of claim 12, wherein the decrypted data comprises encoded media content, and the method further comprises: decoding, by the second security processor, the encoded media content; and storing, by the second security processor, the decoded media content in the secure portion of the memory.
 14. The method of claim 12, further comprising: watermarking, by the second security processor, parts of the decrypted data corresponding to the at least some of the DRM protected data that the device is authorized to access.
 15. The method of claim 14, wherein the decrypted data comprises encoded media content and the watermarking comprises identifying timestamps of the at least some of the DRM protected data that the device is authorized to access.
 16. A system comprising: circuitry configured to receive a request from a client device to access media content that is stored in an encrypted form; circuitry comprising a first security processor operable at a higher security level and configured to determine an address range of a memory as a pre-authenticated region for execution of instructions that is not accessible to a host processor included in the system; and circuitry comprising a second security processor, operable at a lower security level and configured to confirm execution of instructions called in accordance with the request are occurring in the pre-authenticated region as confirmation of authorization of the client device to access at least a portion of the media content based on digital right management protection of the media content, the circuitry further configured to: identify a portion of a memory as a secure portion; decrypt the encrypted media content and store the decrypted content in the secure portion of the memory; render the decrypted media content corresponding to the portion of the media content that the client device is authorized to access; and transmit, for receipt by the client device, rendered results corresponding to the portion of the media content that the device is authorized to access.
 17. The system of claim 16, wherein the authorization of the client device is determined based on identity of the device and the digital right management protection of the media content.
 18. The system of claim 16, wherein the secure portion of the memory is accessible only by a first component of the system and is inaccessible by a second component of the system.
 19. The system of claim 16, wherein the portion of the media content that the device is authorized to access is identified based on timestamps associated with the media content. 